Description of problem:
don't set jsessionid cookie when authentication fails

Version-Release number of selected component (if applicable):
sf10 / rhevm-restapi-3.2.0-10.14.beta1.el6ev.noarch

How reproducible:
always

Steps to Reproduce:
1. try to log in to rest api with "prefer: persistent-auth" header set and incorrect credentials

Actual results:
jsessionid cookie is set

Expected results:
jsession cookie is not set

Additional info:
a sort of subset of bug 876641
Hi Michael,

Verifying on SF17.1 using the syntax David used in BZ #876641,

1) seems that no matter if I use the header prefer:, prefer: persistant-auth or omit it, the jsession cookie is not set. Is that enough to pass the verification?
===============

$ curl --cacert rhevm.cer -D - -u aadmin@internal:123456 -H "filter: true" -H "Content-type: application/xml" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET | grep -i jsess
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
106 1062 106 1062 0 0 11440 0 --:--:-- --:--:-- --:--:-- 259k

$ curl --cacert rhevm.cer -D - -u aadmin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer:" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET | grep -i jsess
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
106 1062 106 1062 0 0 10661 0 --:--:-- --:--:-- --:--:-- 259k

$ curl --cacert rhevm.cer -D - -u aadmin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer: persistant-auth" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET | grep -i jsess
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
106 1062 106 1062 0 0 2749 0 --:--:-- --:--:-- --:--:-- 21240

2) However, using the same requests with the correct credentials always sets the jsession cookie, is that a regression for BZ #876641?
==================

$ curl --cacert rhevm.cer -D - -u admin@internal:123456 -H "filter: true" -H "Content-type: application/xml" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET | grep -i jsess
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
103 2176 103 2176 0 0 5794 Set-Cookie: JSESSIONID=adBo79t0Mljc4aMrlVVOLsxF; Path=/api; Secure
0 --:--:-- --:--:-- --:--:-- 46297

$ curl --cacert rhevm.cer -D - -u admin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer:" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET | grep -i jsess
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
103 2176 103 2176 0 0 17845 0 --Set-Cookie: JSESSIONID=ppwhB9zJoIZnI9m1Zm+xnQGt; Path=/api; Secure
:--:-- --:--:-- --:--:-- 64000

$ curl --cacert rhevm.cer -D - -u admin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer: persistant-auth" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET | grep -i jsess
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
103 2176 103 2176 0 0 15586 Set-Cookie: JSESSIONID=87-DiwQ2+wJxuoP1Uzn2f2tq; Path=/api; Secure
0 --:--:-- --:--:-- --:--:-- 41056

3) using the syntax in the documentation results in an error, is that a doc bug (https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2-Beta/html/Developer_Guide/Example_Access_API_Entry_Point.html)?
======================

curl -X GET -H "Accept: application/xml" -u [USERASS] \
  --cacert [CERT] \
  https://[RHEVM Host]:443/api/

[bdagan@bdagan ~]$ curl -X GET -H "Accept: application/xml" -u [admin@internal:123456] --cacert rhevm.cer https://vm-161-12.scl.lab.tlv.redhat.com:443/api/
<html><head><title>JBoss Web/7.2.0.Final-redhat-1 - JBWEB000064: Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/7.2.0.Final-redhat-1</h3></body></html>
(In reply to Barak Dagan from comment #2)
> 1) seems that no matter if I use the header prefer:, prefer: persistant-auth
> or omit it, the jsession cookie is not set.

the header is => Prefer:persistent-auth
Verified on SF17.3:

[RHEVM shell (connected)]# info
backend version: 3.2
sdk version    : 3.2.0.11
cli version    : 3.2.0.9
python version : 2.6.6.final.0

Using incorrect credentials:
==========================

$ curl --cacert rhevm.cer -D - -u dmin@internal:123456 -H "filter: true" -H "Content-type: application/xml" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET
HTTP/1.1 401 Unauthorized
Date: Tue, 04 Jun 2013 11:57:04 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 02:00:00 IST
WWW-Authenticate: Basic realm="ENGINE"
Content-Type: text/html;charset=utf-8
Content-Length: 1062
Vary: Accept-Encoding
Connection: close

$ curl --cacert rhevm.cer -D - -u dmin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer:" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET
HTTP/1.1 401 Unauthorized
Date: Tue, 04 Jun 2013 11:57:22 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 02:00:00 IST
WWW-Authenticate: Basic realm="ENGINE"
Content-Type: text/html;charset=utf-8
Content-Length: 1062
Vary: Accept-Encoding
Connection: close

$ curl --cacert rhevm.cer -D - -u dmin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer:persistent-auth" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET
HTTP/1.1 401 Unauthorized
Date: Tue, 04 Jun 2013 11:57:29 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 02:00:00 IST
WWW-Authenticate: Basic realm="ENGINE"
Content-Type: text/html;charset=utf-8
Content-Length: 1062
Vary: Accept-Encoding
Connection: close

Using correct credentials:
==========================

$ curl --cacert rhevm.cer -D - -u admin@internal:123456 -H "filter: true" -H "Content-type: application/xml" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET
HTTP/1.1 200 OK
Date: Tue, 04 Jun 2013 11:53:30 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 02:00:00 IST
Set-Cookie: JSESSIONID=gROXVhvzK9Yai9CDnPXkzH3v; Path=/api; Secure
Content-Type: application/xml
Content-Length: 2176
Vary: Accept-Encoding
Connection: close

$ curl --cacert rhevm.cer -D - -u admin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer:" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET
HTTP/1.1 200 OK
Date: Tue, 04 Jun 2013 11:53:48 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 02:00:00 IST
Set-Cookie: JSESSIONID=-X5hcsS5r64-Ku-06UC2d0SI; Path=/api; Secure
Content-Type: application/xml
Content-Length: 2176
Vary: Accept-Encoding
Connection: close

$ curl --cacert rhevm.cer -D - -u admin@internal:123456 -H "filter: true" -H "Content-type: application/xml" -H "prefer:persistent-auth" https://vm-161-12.scl.lab.tlv.redhat.com:443/api/ -X GET
HTTP/1.1 200 OK
Date: Tue, 04 Jun 2013 11:54:05 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 02:00:00 IST
Set-Cookie: JSESSIONID=uYtpDkdmYARVxO1YspSLeebN; Path=/api; Secure
JSESSIONID: uYtpDkdmYARVxO1YspSLeebN
Content-Type: application/xml
Content-Length: 2176
Vary: Accept-Encoding
Connection: close
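
The check done by eye in the verification above, written as a repeatable test (an added example, not part of the original report or of the product's own test suite). The function name `check_session_on_failure` and the `sample_*` helpers are hypothetical, and the sample header blocks are constructed to match the shape of the output in this thread, with made-up cookie values.

```shell
#!/bin/sh
# Reads one or more HTTP response header blocks on stdin, e.g. from
#   curl -s -D - -o /dev/null ... | check_session_on_failure
# (-s drops the progress meter that got interleaved with the grep output earlier
# in this thread). Prints one verdict per response and returns 1 if any
# 401 response also sets a JSESSIONID cookie.
check_session_on_failure() {
    awk '
        function report() {
            if (status == "") return                 # no response seen yet
            if (status == 401 && cookie) {
                print "FAIL " status " sets JSESSIONID"
                bad = 1
            } else {
                print "ok   " status (cookie ? " sets JSESSIONID" : " no session cookie")
            }
        }
        BEGIN { bad = 0 }
        { sub(/\r$/, "") }                           # header dumps keep CRLF endings
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ {           # a new response block starts
            report(); status = $2 + 0; cookie = 0; next
        }
        tolower($0) ~ /^set-cookie:[ \t]*jsessionid=/ { cookie = 1 }
        END { report(); exit bad }
    '
}

# Constructed samples: failed login after the fix, failed login before the fix,
# and a successful login (which is expected to create a session).
sample_fixed() {
    printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="ENGINE"\r\nConnection: close\r\n\r\n'
}
sample_buggy() {
    printf 'HTTP/1.1 401 Unauthorized\r\nSet-Cookie: JSESSIONID=EXAMPLEONLY; Path=/api; Secure\r\nWWW-Authenticate: Basic realm="ENGINE"\r\n\r\n'
}
sample_login() {
    printf 'HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=EXAMPLEONLY; Path=/api; Secure\r\nContent-Type: application/xml\r\n\r\n'
}

sample_fixed | check_session_on_failure
sample_login | check_session_on_failure
sample_buggy | check_session_on_failure || echo "regression: session created for a failed login"
```

Because verdicts are per response block, several captured dumps can be concatenated and checked in one pass.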
3.2 has been released